CVE-2013-6671

HIGH

Description

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html

http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html

http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html

http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html

http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html

http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html

http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html

http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html

http://rhn.redhat.com/errata/RHSA-2013-1812.html

http://www.mozilla.org/security/announce/2013/mfsa2013-111.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/64212

http://www.securitytracker.com/id/1029470

http://www.securitytracker.com/id/1029476

http://www.ubuntu.com/usn/USN-2052-1

http://www.ubuntu.com/usn/USN-2053-1

https://bugzilla.mozilla.org/show_bug.cgi?id=930281

https://security.gentoo.org/glsa/201504-01

Details

Source: MITRE

Published: 2013-12-11

Updated: 2020-08-12

Type: CWE-94

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:-:*:*:*

Configuration 5

OR

cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
701241 | Mozilla Firefox ESR < 24.2 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical
82632 | GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
75327 | openSUSE Security Update : seamonkey (openSUSE-SU-2014:0008-1) | Nessus | SuSE Local Security Checks | critical
75241 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1918-1) | Nessus | SuSE Local Security Checks | critical
75240 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1917-1) | Nessus | SuSE Local Security Checks | critical
75239 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2013:1916-1) | Nessus | SuSE Local Security Checks | critical
74868 | openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1957-1) | Nessus | SuSE Local Security Checks | critical
74867 | openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1959-1) | Nessus | SuSE Local Security Checks | critical
74866 | openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1958-1) | Nessus | SuSE Local Security Checks | critical
71785 | Fedora 18 : thunderbird-24.2.0-2.fc18 (2013-23291) | Nessus | Fedora Local Security Checks | critical
71560 | SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657) | Nessus | SuSE Local Security Checks | critical
71559 | SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8657) | Nessus | SuSE Local Security Checks | critical
71505 | Fedora 20 : firefox-26.0-3.fc20 / thunderbird-24.2.0-3.fc20 / xulrunner-26.0-2.fc20 (2013-23519) | Nessus | Fedora Local Security Checks | critical
8072 | SeaMonkey < 2.23 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical
8071 | Mozilla Thunderbird < 24.2 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | critical
8070 | Mozilla Firefox < 26.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical
71452 | FreeBSD : mozilla -- multiple vulnerabilities (dd116b19-64b3-11e3-868f-0025905a4771) | Nessus | FreeBSD Local Security Checks | critical
71448 | Fedora 19 : thunderbird-24.2.0-2.fc19 (2013-23295) | Nessus | Fedora Local Security Checks | critical
71391 | Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20131211) | Nessus | Scientific Linux Local Security Checks | critical
71375 | Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : thunderbird vulnerabilities (USN-2053-1) | Nessus | Ubuntu Local Security Checks | critical
71374 | Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1) | Nessus | Ubuntu Local Security Checks | critical
71371 | Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20131211) | Nessus | Scientific Linux Local Security Checks | critical
71370 | RHEL 5 / 6 : thunderbird (RHSA-2013:1823) | Nessus | Red Hat Local Security Checks | critical
71368 | Oracle Linux 6 : thunderbird (ELSA-2013-1823) | Nessus | Oracle Linux Local Security Checks | critical
71366 | Oracle Linux 5 / 6 : firefox (ELSA-2013-1812) | Nessus | Oracle Linux Local Security Checks | critical
71365 | Fedora 19 : firefox-26.0-2.fc19 / xulrunner-26.0-1.fc19 (2013-23127) | Nessus | Fedora Local Security Checks | critical
71357 | CentOS 5 / 6 : thunderbird (CESA-2013:1823) | Nessus | CentOS Local Security Checks | critical
71354 | CentOS 5 / 6 : firefox (CESA-2013:1812) | Nessus | CentOS Local Security Checks | critical
71349 | SeaMonkey < 2.23 Multiple Vulnerabilities | Nessus | Windows | critical
71348 | Mozilla Thunderbird < 24.2 Multiple Vulnerabilities | Nessus | Windows | critical
71347 | Firefox < 26.0 Multiple Vulnerabilities | Nessus | Windows | critical
71346 | Firefox ESR 24.x < 24.2 Multiple Vulnerabilities | Nessus | Windows | critical
71345 | Thunderbird < 24.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical
71344 | Firefox < 26.0 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical
71343 | Firefox ESR 24.x < 24.2 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical
71335 | RHEL 5 / 6 : firefox (RHSA-2013:1812) | Nessus | Red Hat Local Security Checks | critical